Update Your Chrome Browser Now: Critical Security Flaw Being Actively Exploited
Google has issued an emergency Chrome update to fix an actively exploited security flaw. Check your browser version now and update if needed.
A serious security vulnerability has been discovered in Google Chrome that is already being exploited by attackers, and users are being urged to update their browser immediately.
Google has issued an emergency patch for a high-severity zero-day bug, tracked as CVE-2026-2441, which affects Chrome versions prior to 145.0.7632.75. The flaw is found in the way Chrome handles CSS font features and could allow a remote attacker to execute malicious code simply by directing a user to a specially crafted webpage.
The vulnerability is classified as a "use-after-free" bug, meaning Chrome was accessing memory it had already released during certain font-related processes. In practice, this creates an opening for attackers to run their own code within the browser's sandbox environment, the secure layer that is supposed to keep website activity isolated from the rest of your device.
While Chrome's sandbox provides a degree of protection, security researchers note that running unauthorised code within it is still a serious risk. An attacker who gains this foothold can potentially steal account credentials, intercept sensitive data, or, if combined with a second vulnerability to escape the sandbox entirely, install malware or cause wider system damage.
Google has confirmed active exploitation of the flaw but has not disclosed specific targets or the scale of attacks.
Writing for Malwarebytes, Pieter Arntz noted that even without escaping the sandbox, an attacker who exploits the flaw effectively becomes that browser tab, with access to anything it can see or modify.
CVE-2026-2441 is the first Chrome zero-day of 2026, and Google considered it serious enough to issue a standalone emergency update rather than wait for the next scheduled release.
How to check if you are protected
The patched version is 145.0.7632.75 or later on Linux, and 145.0.7632.75/76 on Windows and macOS. To verify your version or trigger an update manually, click the three-dot menu in the top right of Chrome, go to Settings, then About Chrome. Chrome will check for updates automatically and prompt you to restart once the download is complete.
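For anyone checking more than one machine, the same version check can be scripted. The following is an added example, not part of the original article: it compares collected version strings against the 145.0.7632.75 threshold given above, and the host names, sample strings and function names are constructed for illustration.

```python
import re

# First fixed build named in the article for CVE-2026-2441.
PATCHED = (145, 0, 7632, 75)

# Four dot-separated numeric fields, as shown on the About Chrome page.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, patched=PATCHED):
    """True if at or above the fixed build, False if older, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per field, so 7632.100 sorts after 7632.75
    # (a plain string comparison would get that wrong).
    return version >= patched


def triage(inventory):
    """Split {host: version_string} into patched, vulnerable and unknown hosts."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        status = is_patched(text)
        key = "unknown" if status is None else ("patched" if status else "vulnerable")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE = {
    "laptop-01": "Google Chrome 145.0.7632.75",
    "laptop-02": "Google Chrome 145.0.7632.46",
    "laptop-03": "Version 145.0.7632.100 (Official Build) (64-bit)",
    "laptop-04": "Google Chrome 144.0.7559.133",
    "kiosk-01": "chrome not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The threshold applies only to Google Chrome's own version numbers; hosts reported as unknown need a manual check rather than being assumed safe.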
Users of other Chromium-based browsers should also watch for similar updates from their respective developers in the coming days.
As a general precaution, avoid clicking unsolicited links in emails or on social media, ensure automatic updates are enabled, and consider restarting your browser regularly, as many users leave Chrome open for extended periods, which can delay protection even after an update has been downloaded.